Point-of-sale (POS) malware continues to make headlines and inflict damage on brand reputation and profit margins alike. Whether it’s a direct attack on a particular merchant, or an attack on a POS provider in order to breach many merchants at once - a strategy known as "vendor as vector" - SIEM-at-the-Edge is able to detect and stop it.

Quick and Easy to Deploy

With a lightweight sensor installed on each POS and any other critical device at each business location, Netsurion's SIEM-at-the-Edge is immediately defending your systems. Powered by the Gartner-recognized EventTracker SIEM platform, Netsurion is able to bring enterprise-level desktop security to the "edge" devices of every retail and merchant location.

Perfect for Franchise Businesses

In a franchise environment, SIEM-at-the-Edge can be configured to provide appropriate visibility to each franchisee with global visibility to the franchisor.

With SIEM-at-the-Edge installed and protecting your POS devices, we work with you to configure what activity warrants an alert as well as what automatic remediation should occur. Once active, if any malware application attempts to load on any of your POS devices, it can be blocked from running and an immediate alert would be sent to your designated security personnel. The targeted POS device is secured, your security team is notified to investigate further, and all other devices monitored are protected from the attack as well.


  • Terminate cyber-attacks missed by firewalls and anti-virus

    Many cyber-attacks are not detected by up-to-date anti-virus solutions or firewalls. SIEM-at-the-Edge provides additional protection against these attacks by checking new processes or DLLs that have never been executed in your organization against your organization’s specific white list, as well as a global white list and multiple black lists. If found unsafe, the process will be terminated, potentially stopping a cyber-attack in real time.
  • Terminate communication with suspicious remote sites

    The SIEM-at-the-Edge endpoint sensor terminates the connection with remote sites that have poor reputations. When an endpoint establishes a new connection with any remote site, SIEM-at-the-Edge checks the reputation of the IP address against multiple threat databases to determine the risk. If the reputation of the remote IP address is marked as bad in multiple databases, the connection will be terminated.
  • Detect unknown/untrusted/unsigned processes, DLLs

    SIEM-at-the-Edge's file integrity monitoring (FIM) capability regularly takes a snapshot of the entire system to detect new and modified processes and DLLs. All new DLLs and EXEs, including those that may be dormant and have not yet executed, are checked to see whether they are signed by an approved vendor or whether they are on a safe list.
  • Disable untrusted USB drives

    Every time a USB is inserted, the serial number and manufacturer of the USB is checked against an approved list. If the USB is not on the approved list, the drive will be disabled. This minimizes the threat of a data breach via a USB drive.
  • Record all files copied to USB drives

    If SIEM-at-the-Edge permits access to a USB drive, our endpoint sensor will monitor and record all activities on the device and every file that is written to or deleted from the device. If a file name matches certain filter criteria, EventTracker can notify your organization to investigate.
  • Monitor and terminate runaway processes

    SIEM-at-the-Edge monitors critical performance parameters and running processes including CPU usage, memory, disk space, and process threads. If any of the critical performance parameters cross a predefined boundary and impact system performance, we will notify the appropriate point-of-contact for any necessary remedial action.
  • Identify all communication outside the firewall

    SIEM-at-the-Edge monitors all established connections outside the firewall. This allows our product to learn a standard baseline and develop a white list of all remote IP addresses to which you routinely communicate. Our managed service team consistently reviews these lists to identify abnormal communication that requires attention. This information is used to tune the security policies and stop breaches in an organization.
  • Identify critical file changes on your critical servers

    It is important for organizations to identify and review when critical files are changed. SIEM-at-the-Edge's FIM will monitor file changes to critical folders. Our managed service team will review these changes and provide your organization with a critical observation summary report.
  • Monitor local admin activities

    It is a best practice for any organization to watch the watcher. A local system administrator can accidentally or intentionally increase the risk of a data breach, and if their activity is not monitored, your security policies can be compromised. SIEM-at-the-Edge monitors all administrator activities and will immediately notify you of any abnormal system activities.
  • Restart stopped services

    SIEM-at-the-Edge improves the availability of endpoint systems by restarting failed services. If failed, it can automatically restart the critical security service and notify an appropriate person.